Frequently asked questions

1. What are the most significant advantages of usage of Hacktrophy?

With Hacktrophy, you can use the talent of a number of ethical, so-called white hat hackers who care about Internet security. These enable you to target your tests accurately and find security bugs that might not be revealed otherwise. You can do all this comfortably through a single platform, even with our full support in the PREMIUM plan.

2. Why should I be confident that the ethical hacker will report security vulnerabilities to me? Wouldn’t he profit more from abusing or selling them?

All ethical hackers working for Hacktrophy undergo a registration process and respect a strict code of conduct. Their motivation is to help, learn and accept new challenges. With Hacktrophy they can do it legally and for a reward.

If a hacker wanted to abuse any security vulnerabilities, they would prefer a company that doesn’t care about security, not a company that is actively trying to improve it. Moreover, by keeping the vulnerability to themselves, hackers would put themselves at risk of losing the reward in case an ethical hacker would find the vulnerability and get rewarded, effectively preventing any abuse.

Moreover, a hacker doesn’t need Hacktrophy to attack a website and abuse its security vulnerabilities. On daily basis, your web is scanned by thousands of automatic robots that present as much as 56% of overall web traffic. Some of these robots autonomously search for vulnerable websites and applications and notify black hat hackers. This is why every fifth company becomes a victim of a cybernetic attack. The aim of Hacktrophy is the exact opposite – to protect companies from these attacks.

Another reason to trust ethical hackers is the fact that global companies like Facebook or Google and even government organizations such as Pentagon have already been using the services of ethical hackers in so-called bug bounty programs for several years already.

3. How much will I pay for testing my service?

The final price depends on the scope of your project, on the plan you choose (BASIC or PREMIUM) and on the type of vulnerability found by an ethical hacker. You can adjust all the rewards for ethical hackers when setting up the project, of course. The commission of Hacktrophy is a fixed 20% of every reward, so you know exactly how much and for what you pay. In addition, you can set an overall monthly reward limit that will guarantee you won’t pay more than you had set.

Our practical reward calculator will help you set the rewards. By asking a few simple questions about your project, it will propose optimal rewards that you can consider and change depending on your needs.

We will be happy to assist you with setting up ideal rewards personally in the PREMIUM plan. Learn more about plans on the Plans page.

4. What is the point of testing with Hacktrophy if I have already paid for a penetration test, have access to databases of vulnerabilities or own valid certificates?

Pen-tests are a one-time solution based on a single platform and usually require significant investment. Hacktrophy enables you to continuously test your service by using a wide variety of approaches and techniques of ethical hackers from all around the world. At the same time, it stays straightforward and affordable.

Considering its higher price, a penetration test or a safety audit is very suitable after testing with Hacktrophy, when you already know what to focus on. In case of a large number of trivial vulnerabilities though, it is recommendable to use a penetration test before testing through Hacktrophy. Either way, these two approaches to testing are based on different principles, so it is ideal to combine them.

Databases of vulnerabilities are not sufficient because they never contain all known safety bugs. At the same time, certificates only cover a small part of the complex security spectrum that ethical hackers can test.

5. When is a good time to use Hacktrophy?

Every time when security abuse might put your business in danger, especially when you:

– work with sensitive data, such as personal client data including e-mails and payment details
– run an e-shop, a CRM system, a pay gate or a project portal
– are launching a new online product
– run any type of Internet payment
– have a website built using third party solutions, but hosted on your own server
– are introducing new functionality into your web or application, and its introduction does not justify the costs of running a penetration test
– want to find out where your weak spots are and what to focus your attention on

If you aren’t sure if Hacktrophy is the right choice for you, we will be glad to help you.

6. I think my online product isn’t attractive to hackers. Why should I be afraid of hack attacks?

On average, every website becomes the target of a cybernetic attack every 120 days. Times when hackers only focused on large and rich companies are long gone. Your website gets scanned every single day by automatic scripts and robots that seek and abuse security bugs. These robots often represent more than half of all website traffic. This way, hackers can endanger any web from the smallest e-shop to the largest corporation.

At a certain point, every fifth company becomes a target of cybernetic attack. In combination with the fact that 86% of websites contain at least one serious safety vulnerability, it is only a question of time when your website will be hacked. It is therefore important to be prepared and get rid of all security vulnerabilities before someone will take advantage of them.

Last but not least, it is important to consider whether a product not interesting for hackers is at the same time interesting for clients. 🙂

7. I consider my product secure enough. Why should I be in danger of a hack attack?

According to our own survey, 16% of Slovak and Czech companies have experienced a direct hack attack, with 28% having indirect experience. In general, many company executives are not aware of the possible risks and therefore don’t pay necessary attention to IT security. The survey of the Kaspersky company showed that „as many as 40% of small and medium-sized business representatives stated they are not aware of current attacks that present a real threat to their business.“

That is why 62% of them have started using the services of external IT security providers, allocating approximately 5% of their yearly budget to IT security. It is also important to mention that the Czech republic is among TOP 10 countries in the number of websites hacked per day.

Finally, it is important to consider that what was safe last year probably isn’t safe anymore today. Therefore, security precautions have to be perceived as continuous processes rather than one-time, static fixes.

1. What are the biggest benefits of making money with Hacktrophy?

As an ethical hacker registered with Hacktrophy, you can reveal security vulnerabilities of websites and apps of prestigious companies that care about IT security. This way you’re doing what you love, legally and for a prearranged reward.

It doesn’t matter whether you’re interested in occasional ethical hacking only or whether you’re a security expert with years of experience. There’s a number of open projects at your disposal, enabling you to pick those that match your skills and interests.

Thanks to a strong community of ethical hackers, you can easily work on improving your abilities and expanding your portfolio with innovative companies that really care about IT security.

2. Why should I report a security vulnerability I found instead of abusing it myself?

Besides the fact that it’s illegal, any gains from such abuse are often very uncertain. With Hacktrophy all is legal and you know your reward beforehand. Moreover, your reputation as security expert keeps rising with every new project and if you’re good, you can easily start cooperation with the biggest players on the market.

3. What assurance do I have that the client will really pay for the vulnerabilities I report?

When publishing a project, every client confirms the obligation to pay the agreed amount for every discovered vulnerability that falls within the scope of the project. Should they decide not to do so, a dispute is started not only with the ethical hacker involved, but with Hacktrophy as well. In such rare occurrence, our moderators are fully at your disposal to help you and settle any disputes.

Last but not least, if the client refuses to pay, they risk a loss of reputation that can potentially be fatal for their business. Thanks to the option to set a monthly limit however, the clients are able to offer only what they can really afford.

4. What do I need to register and how will I get paid?

Registering with Hacktrophy is very straightforward and only requires basic personal data. We recommend to fill out everything though – if you do, we will be happy to confirm who you are and invite you to work on private projects with even larger rewards.

After your vulnerability report gets approved as valid by a client (BASIC plan) or a Hacktrophy moderator (PREMIUM plan), the client starts the process of fixing the bug, during which you actively communicate to help them. At the same time, Hacktrophy invoices the client.

After the invoice is paid by the client, your reward is sent to the account listed in your hacker account. You get exactly the amount that you can see on the project page. No matter what kind of legal subject you are, you are the sole person responsible for paying tax.

Have any questions? We’ll call you.

If you’re still unsure about how Hacktrophy can help your project or have any questions, we will be glad to help you.

Name and surname

Company name

Telephone number

E-mail

When do you want us to call you?

9:00 - 11:00

11:00 - 13:00

13:00 - 16:00

16:00 - 18:00

Hereby I grant to the company Hacktrophy spol. s r. o. my consent according to the sec. 11 par. 1 and relevant provisions of the Act No. 122/2013 Coll. on the personal data protection in effective wording with processing of my personal data in the extent and under conditions published on the website https://hacktrophy.com (Rules of personal data protection). Show moreI am aware of the fact that I am entitled to withdraw this consent in writing anytime. At the same time I declare and confirm, that Hacktrophy has informed me in accordance with the sec. 15 par. 1 of the act on personal data protection on conditions of personal data processing and on my relevant rights, which are published on the website https://hacktrophy.com (Rules of personal data protection).

Your message was sent.
Thank you! We appreciate your interest and will call you as requested.